Sean Berg is president of global governments and critical infrastructure at Forcepoint and a former U.S. Marine.
Perimeter-based cybersecurity has been slowly eroding in recent years. A traditional perimeter approach emphasizes protecting the data center as if it were a castle surrounded by thick stone walls. But increased mobile and cloud adoption has moved data and applications beyond the corporate data center, while the pandemic has forced a mass shift to remote work. In turn, people are the new perimeter. Cybersecurity strategies must reflect that.
An inside-out approach that leverages an understanding of user behavior is the modern path forward for government agencies. With workers distributed and often working from unsecured devices and networks, a perimeter is not just difficult to define, but rendered ineffective. If employees are working from anywhere, then agencies need to be able to protect from anywhere too. This means bringing controls closer to the user, while ensuring that people are who they say they are.
In that regard, agencies have begun undertaking the necessary work of implementing zero trust. A zero trust approach puts user identity at the center of security design, in the context of a “never trust, always verify” framework. Sometimes, though, zero trust is not implemented in a manner that’s adaptive enough to be effective. Instead of immediately locking down a perceived risky action, which creates tremendous friction for employees, agencies also need to implement continuous monitoring and assessment to contextualize a user’s activity.
Continuous monitoring allows for a risk score to be applied to users in real time, enabling an adaptive response to them. This can only happen with a granular understanding of user behavior, though. Having the capability to understand who is accessing agency resources, what they’re doing with them, and in what context is crucial to determining what level of risk a particular user’s actions represent.
Advanced behavioral analytics and automated response tools, like those offered by Forcepoint, not only simplify the task of identifying and assessing emerging risks, but dramatically reduce response time. Continuous monitoring can be done from anywhere, too, meaning cybersecurity is not limited to being run from the office.
When paired with a zero trust architecture, continuous monitoring reduces friction that can stand in the way of successfully executing a mission. Instead of locking down vast amounts of data by default and inhibiting information sharing, behavioral analytics makes it possible to personalize the security response on a case-by-case basis. The ability to establish one-to-one security controls in real time, versus a one-to-many or one-size-fits-all approach, is crucial in the age of mass remote work.
Take, for example, the recent SolarWinds “Sunburst” attack, which targeted personnel with access to government and enterprise servers and used compromised credentials to explore critical data on those servers for months. This is just the latest broad-scale attack that further underscores the need for zero trust, behavior analytics and continuous monitoring. This combination ensures continuous validation of a user post-authentication and can prevent unauthorized users from gaining a foothold in a network by detecting anomalies on the network in real time to stop breaches before they happen.
This hack also reminds us just how ripe a target the government is for hackers, and how a traditional outside-in perimeter approach is no longer sufficient for keeping critical data and applications secure. To be prepared, the government must consider an inside-out approach that puts understanding user behavior at the center of its cybersecurity design.
With people as the new perimeter, zero trust is a non-negotiable first step for securing newly distributed agency workforces and ensuring users are who they say they are. But zero trust must be taken one step further to include continuous monitoring and assessment. These advanced technologies put controls dramatically closer to the user and allow agencies to react to threats in a fast, adaptive manner that doesn’t hinder connectivity or productivity.
Learn more about how to defend against insider threats, from a former special agent and 30-year security veteran. Download a copy of “The Complete Guide to Insider Risk” and get our agency guide to “Implementing Zero Trust.”